UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must be capable of taking organization defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).


Overview

Finding ID Version Rule ID IA Controls Severity
V-32383 SRG-APP-000109-DB-000049 SV-42720r1_rule Medium
Description
It is critical when a system is at risk of failing to process audit logs as required, it detects and takes action to mitigate the failure. Audit processing failures include: software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Applications are required to be capable of either directly performing or calling system level functionality performing defined actions upon detection of an application audit log processing failure. A failure of database auditing will result in either the database continuing to function without auditing or in a complete halt to database operations. The database must be capable of taking organization defined actions to avoid either a complete halt to processing or processing transactions in an unaudited manner.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40825r1_chk )
Review DBMS, OS, or third party logging application settings and/or documentation to determine whether the system is capable of taking organization defined actions in the case of an auditing failure. If the system is not capable of taking organization defined actions in the case of auditing failure, this is a finding.
Fix Text (F-36298r1_fix)
Use DBMS, OS, or third party logging software capable of taking organization defined actions in the case of an auditing failure.